NY rules might change the CyberSecurity game.

NY rules

Due to the complexity of the security technology, IT specialists are finding it more difficult to explain senior officers how security strategy works. Ponemon Institute polled IT specialists as part of a study. They found out that 67% of those interviewed agreed that their companies‘ strategy “is too complex to explain to senior executives.” NY rules: a gamechanger.

NY rules might open a new door

The NY State Department of Financial Services issued its “Cybersecurity Requirements for Banks, Insurance Companies, and Other Financial Services Companies”. This is effective since March 2017.

These requirements lay on the table regulations that involve financial institutions proactively engaging in cybersecurity activities.  But more importantly, these regulations require that “senior officers” acknowledge that they have checked the relevant documents. In addition that the company complies with the regulations.

In other words, the State of New York is now requiring these senior officers to certify that they are educated in those things. Things that Ponemon Institute found out are beyond the educational reach of senior officers.

NY rules: There could be an easier way out

But there is one important aspect to note.  Basically, the regulations define a “senior officer” as “the senior individual or individuals … responsible for the management, operations, security, information systems, compliance and/or risk of a Covered Entity…”

In other words, this means that anyone at the financial institution who is responsible for cybersecurity can be the senior officer executing the certification.  It does not really need to be a board member or an executive officer.

Financial institution must designate a chief information security officer (CISO).  This person is very likely the one who will at the end sign off on the certification. The CISO can be from the company or from a third-party service.

The importance of getting these rules right

When a company complies with the regulations of New York State’s cybersecurity requirements, they can provide a stronger claim against lawsuits by shareholders derived from data breach.

Most of the time, these lawsuits point out a poor or nonexistent corporation oversight were a determining factor for the loss of information.

In order to assure to your business the best tool available, Swascan together with Raoul Chiesa ( Raoul Chiesa interview ) developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our three services cover all the governance needs in terms of risk management and periodic assessment. Basically, if you need to understand the areas in which your efforts must focus, Vulnerability Assessment, Network Scan and Code Review are the right tools for you. Last but not least, don’t forget GDPR General Data Privacy regulation GDPR guide ) and the introduction of new figures such as the DPO : our platform is 100% GDPR compliant ( GDPR infographic ).

[post-button]

Cybersecurity guide: looking for protection
Italian hack: Swascan explains the new Cybersec event

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.